Reachable
Documentation

Reachable checks the technical infrastructure behind your email sending. Everything runs in your browser using Cloudflare DNS. Nothing you enter is stored, tracked or logged.

Domain Audit
SPF: Checks which servers are authorised to send email for your domain. Validates the all mechanism, checks the lookup count against the 10-lookup limit, and flags configurations like +all.
DKIM: Verifies your public key exists at the selector you provide. Follows CNAME chains. Estimates key size and flags weak or revoked keys.
DMARC: Checks your policy (p=), subdomain policy (sp=), sampling rate (pct=), and whether aggregate reports are configured (rua=). Falls back to org domain if needed.
MX: Confirms inbound mail delivery is configured for your domain.
BIMI: Checks whether your brand logo is configured to appear in Gmail, Yahoo and Apple Mail.
MTA-STS: Checks whether TLS is enforced for inbound email connections.
Blacklists: Queries URIBL, SURBL and Spamhaus DBL for your domain reputation.

IP Checks
rDNS: Looks up the PTR record for your IP and forward-confirms it resolves back to the same IP. Supports IPv4 and IPv6.
IP Blacklists: Queries Spamhaus ZEN, Barracuda, SORBS, SpamCop and MXToolbox. Validates actual positive response codes to avoid false positives.

Header Analyzer

Paste raw email headers from Gmail (three dots menu, Show original) or Outlook (File, Properties, Internet headers). Reachable decodes SPF, DKIM, DMARC and ARC results in transit, shows the routing path hop by hop, and flags spam signals.

DNS Simulator

Paste a proposed SPF or DMARC record before publishing it. For SPF, Reachable estimates the DNS lookup count and flags dangerous configurations. For DMARC, it validates p=, pct=, rua= and sp=. No DNS changes are made.
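
The checks this section describes can be sketched offline. The following is an added example, not Reachable's own code: the function names and finding strings are hypothetical, and the sample records are constructed. It counts the lookup-consuming terms in a proposed SPF record, flags +all, and validates the DMARC p=, sp=, pct= and rua= tags.

```javascript
// Added example; names and finding strings are hypothetical, not Reachable's code.
// Terms that each cost one DNS lookup at evaluation time (RFC 7208, section 4.6.4).
const LOOKUP_TERMS = new Set(["include", "a", "mx", "ptr", "exists", "redirect"]);
const POLICIES = ["none", "quarantine", "reject"];

function lintSpf(record) {
  const terms = record.trim().split(/\s+/);
  if (terms.shift().toLowerCase() !== "v=spf1") return { lookups: 0, findings: ["not an SPF record"] };
  const findings = [];
  let lookups = 0, terminated = false;
  for (const term of terms) {
    const m = /^([+\-~?]?)([a-z0-9]+)/i.exec(term);
    if (!m) continue;
    const name = m[2].toLowerCase();
    if (LOOKUP_TERMS.has(name)) lookups++;
    if (name === "redirect") terminated = true;
    if (name === "all") {
      terminated = true;
      // An omitted qualifier defaults to "+", so bare "all" is as permissive as "+all".
      if ((m[1] || "+") === "+") findings.push("+all authorises every sender");
    }
  }
  if (!terminated) findings.push("no all mechanism or redirect");
  // Only this record's own terms are counted; nested includes add more when resolved.
  if (lookups > 10) findings.push("more than 10 DNS lookups");
  return { lookups, findings };
}

function lintDmarc(record) {
  const findings = [];
  const pairs = record.split(";").map((s) => s.trim()).filter(Boolean).map((s) => {
    const [tag, ...rest] = s.split("=");
    return [tag.trim().toLowerCase(), rest.join("=").trim()];
  });
  if (!pairs.length || pairs[0][0] !== "v" || pairs[0][1] !== "DMARC1") findings.push("v=DMARC1 must come first");
  const tags = new Map(pairs);
  if (!POLICIES.includes((tags.get("p") || "").toLowerCase())) findings.push("p= missing or invalid");
  if (tags.has("sp") && !POLICIES.includes(tags.get("sp").toLowerCase())) findings.push("sp= invalid");
  if (tags.has("pct") && !/^(100|[1-9]?\d)$/.test(tags.get("pct"))) findings.push("pct= must be 0-100");
  const rua = tags.get("rua");
  if (!rua) findings.push("rua= missing, no aggregate reports");
  else if (!rua.split(",").every((u) => /^mailto:[^@\s]+@[^@\s]+$/i.test(u.trim()))) findings.push("rua= has a non-mailto URI");
  return findings;
}

// Constructed sample records (example.com is a reserved documentation domain).
const spfDemo = lintSpf("v=spf1 ip4:192.0.2.0/24 include:_spf.example.com mx a:mail.example.com all");
const dmarcDemo = lintDmarc("v=DMARC1; p=quarentine; pct=150; sp=reject");
console.log(spfDemo, dmarcDemo);
```

The SPF count covers only the terms written in the pasted record, which is why it is an estimate: each include can pull in further lookups once it is resolved.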

Severity levels
Critical: Fix immediately. These are actively hurting your deliverability or leaving your domain open to spoofing.
Important: Should be addressed soon. Not breaking anything today but could become a problem.
Pass: This check is correctly configured.
Info: Optional or informational. Worth knowing about but not urgent.

Checks run through Reachable's proxy (a Cloudflare Worker) which queries DNS server-side. This works on corporate networks that block direct DNS-over-HTTPS. If the proxy is unreachable, requests fall back to Cloudflare, Google and NextDNS public resolvers. Nothing is logged or stored. Blacklist coverage is representative — also check Google Postmaster Tools and your ESP dashboard.